The opinion in support of the decision being entered today was not written for 
publication and is not binding precedent of the Board. 
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This is a decision on appeal under 35 U.S.C. § 134 from the examiner's final 
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BACKGROUND 

The invention relates to security of data in a data processing system. The 

disclosed invention relates in particular to security of cookies on a user's system. An 

Internet service may provide a block of data (a "cookie"), which includes information 

typically needed by the service, to a client computer system. According to appellants, 

the cookies, which may contain personal data, are typically not secure on the user's 

system. (Spec, at 2-3.) Representative claim 1 is reproduced below. 

1 . A method for protecting the security of a cookie stored within a data 
processing system, said method comprising: 

storing a encryption key pair having a private key and a public key in a 
protected storage device within said data processing system; 

in response to the receipt of a cookie generated by an application from a 
remote server, encrypting said cookie with said public key; 

storing said encrypted cookie in a non-protected storage device within 
said data processing system; 

in response to an access request for said encrypted cookie by a browser 
program executing within said data processing system, decrypting said 
encrypted cookie with said private key; and 

sending said decrypted cookie to said browser program. 

The examiner relies on the following references: 

Win et al. (Win) US 6,182,142 B1 Jan. 30, 2001 

(filed Jul. 10, 1998) 

Schrader et al. (Schrader) US 6,374,359 81 Apr. 16, 2002 

(filed Nov. 19, 1998) 
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Claims 1-7 and 10-16 stand rejected under 35 U.S.C. § 103 as being 
unpatentable over Win and Schrader. 

We refer to the Final Rejection (mailed May 21. 2004) and the Examiner's 
Answer (mailed Nov. 18, 2005) for a statement of the examiner's position and to the 
Brief (filed Aug. 19, 2004) and the Reply Brief (filed Dec. 6, 2005) for appellants' 
position with respect to the claims which stand rejected. 

OPINION 

Appellants argue, inter alia, that the proposed combination of Win and Schrader 
fails to teach or suggest, in response to the receipt of a cookie generated by an 
application from a remote server, encrypting the cookie with the public key, and storing 
the encrypted cookie in a non-protected storage device within the data processing 
system, as required by instant claim 1. 

The statement of the rejection asserts that Win teaches the steps. According to 
the rejection, with reference to material at columns 6 and 1 1 , the Authentication Client 
Module (414; Fig. 4) encrypts and sends information in a "cookie" to the user's browser 
after verifying a user with Registry Server 108. As shown by state 524 (Fig. 5C), cookie 
528 and cookie 530 are encrypted and returned to browser 100. (Answer at 4.) 

However, the cited sections of Win do not describe encrypting a cookie in 
response to the receipt of a cookie generated from a remote server. Consistent with 
the examiner's paraphrasing of the relevant sections (e.g., col. 6, II. 47-56; col. 10, 1. 63 
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- col. 11,1. 8), Win teaches that a "cookie" is a packet of data sent by Web servers to 
Web browsers. Win further teaches that Authentication Client Module 414 (on Access 
Server 106) receives information from a remote source, encrypts the information, and 
sends the encrypted information in the form of a cookie to browser 100, as shown in 
Figures 4 and 5C. 

We do not find any satisfactory explanation in the Final Rejection or Answer as 
to how Win might teach or suggest the above-noted claim recitations that are attributed 
to the reference. In an Advisory Action mailed August 3, 2004, the examiner indicated 
that Win teaches, in one embodiment, that all the components are stored on, and 
executed by, one physical server or computer. In alternate embodiments, according to 
the Advisory, one or more components are deemed to be installed on separate 
computers, referring to column 4, lines 56-60. 

Win teaches, at the bottom of column 4, that in one embodiment all the 
"components" are stored on and executed by one physical server or computer, and that 
in alternate embodiments one or more "components" are installed on separate 
computers. The "components" that Win addresses, when read in context, may include 
Access Server 106 and Registry Server 108 (Fig. 1), but do not include browser 100 
(Fig. 1), which is separately treated at column 5, lines 7 through 18. 

Thus, while Win teaches that components that provide information, receive the 
information, encrypt the information, and send the information in the form of a "cookie" 
to a Web browser may reside on one server or computer, the examiner has identified 
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no teaching for placing any of these functions on a Web browser. Moreover, the 
rejection has not identified any teaching for encrypting a cookie in response to 
reception of the cookie, even if all the described elements, including the browser, might 
somehow reside on the same computer (notwithstanding Win's definition of what 
constitutes a cookie). 

We thus agree with appellants that the rejection fails to show prima facie 
obviousness of the subject matter of instant claim 1 . Claim 10, the other independent 
claim on appeal, recites limitations similar to those we have discussed. We therefore 
cannot sustain the rejection of claims 1-7 and 10-16 under 35 U.S.C. § 103 as being 
unpatentable over Win and Schrader. 
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CONCLUSION 

The rejection of claims 1-7 and 10-16 under 35 U.S.C. § 103 is reversed. 



REVERSED 




Administrative Patent Judge 



HOWARD B. BLANKENSHIP^ 
Administrative Patent Judge 

MAHSHID D. SAADAT 
Administrative Patent Judge 
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